The most common software security vulnerabilities and risks

buffer overflow – is the condition that occurs when data that is being copied into the buffer (contiguous allocated storage space in memory) is more than what the buffer can handle.

stack overflow – buffer has been overflowed in the stack space.

the data flows from one buffer space into another, causing the return address instruction pointer to be overwritten.

heap overflow – a heap overflows does not necessarily overflow but corrupts the heap memory space (buffer), overwriting variables and function pointers on the heap.

injection flows – occur when the user supplied data is not validated before being processed by an interpreter.

SQL injection

OS Command injection

LDAP injection

XML injection – software does not properly filter or quote special characters or reserved words that are used in XML, allowing an attacker to modify the syntax, contents or commands before execution.

cross-site scripting – A web application is said to be susceptible to XSS vulnerability when the user supplied input is sent back to the browser client without being properly validated and its content escaped.

Non-persistent (Reflected) – the user supplied input script that is injected (also referred to as payload) is not stored but merely included in the response from the web server, either in the results of a search or an error message.

Persistent (Stored) – the injected script is permanently stored on the target servers, either in a database, a message forum, a visitor log or an input field. Each time the victims visit the page that has the injected code stored in it or served to it from the web server, the payload script executes in the user’s browse

DOM based – the payload is executed in the victim’sbrowser as a result of DOM environment modifications on the client side. The HTTP response (or the web page) itself is not modified, but weaknesses in the client side allows the code contained in the web page client to be modified, so that the payload can be executed.

insecure direct object references – an unauthorized user or process can invoke the internal functionality of the software by manipulating parameters and other object values that directly reference this functionality.

security misconfiguration -Some of the common examples of security misconfigurations:

Missing software and operating system patches.

Lack of perimeter and host defensive controls such as firewalls,

filters.

Installation of software with default accounts and settings.

Installation of the administrative console with default configuration settings.

social engineering

Phishing

Pharming – scamming practice in which malicious code is installed on a system or server which misdirects users to fraudulent web sites without the user’s knowledge or consent.

Vishing – made up of two words, “voice” and “phishing” and is the criminal fraudulent activity in which an attacker steals sensitive information using deceptive social engineering techniques on VoIP networks.

SMSishing

Defensive Coding Practices

input validation – use blacklist or whitelist technique.

canonicalization (C14N) -process of converting data that has more than one possible representation to conform to a standard canonical form.

sanitization -process of converting something that is considered dangerous into its innocuous form. Both inputs and outputs can be sanitized.

stripping – removing harmful characters from user supplied input.

substitution – replacing user supplied input with safer alternatives.

literalization – using properties that render the user supplied input to be treated as a literal form.

error handling – error messages must be non-verbose and explicitly specified in the software. Redirect errors and exceptions to a custom and default error handling location.

cryptographic agility – ability to manage the specifics of the cryptographic functions that are embedded in code without recompiling, typically through a configuration file.

tokenization – process of replacing sensitive data with unique

identification symbols that still retain the needed information about the data, without compromising its security.

anti-tampering – techniques assure integrity assurance and protection against unauthorized and malicious alterations of the software code and/or the data.

obfuscation.

code-signing.

Secure Software Processes

In addition to writing secure code, there are certain processes that must be conducted during the implementation phase that can assure the security of the software: